The Data Protection Bill: It’s not what you think it is!

canstockphoto16666262

Yesterday the DCMS published the long awaited Data Protection Bill 2017. Accompanying the 203 pages of the Bill there are 112 pages of explanatory notes, a 4-page factsheet and a 5-page impact assessment. With detailed cross referencing to the provisions of the General Data Protection Regulation (GDPR), this Bill is a gift to purveyors of highlighters and sticky notes!

The Bill has many aims (see below). It does not though, contrary to popular belief, incorporate the GDPR into UK law. GDPR is a Regulation and so directly applicable when it comes into force on 25th May 2018. It does not need to be “signed into British law” whilst we remain members of the EU. Post Brexit the GDPR will still be the law because of the provisions of the European Union (Withdrawal) Bill (previously the Great Repeal Bill.) Paragraph 6 of the explanatory notes confirms this:

“While the UK remains a member of the EU, all the rights and obligations of EU membership remain in force. When the UK leaves the EU, the GDPR will be incorporated into the UK’s domestic law under the European Union (Withdrawal) Bill, currently before Parliament.”

So why do we need a Data Protection Bill? Section 1 explains:

To fill in some of the gaps in GDPR – what are known as “derogations”; where Members states are allowed to make their own rules. The Bill mirrors the Government’s Statement of Intent which was published a few weeks ago. Amongst many other things, we are now clearer on the minimum age at which a child can consent to certain types of data processing, the definition of a public authority/public body, new offences, rules on automated decision making and exemptions (including for research and freedom of expression in the media.)

To make provision for a broadly equivalent regime to certain types of processing to which the GDPR does not apply (see Article 2(2)) including the processing of unstructured, manual data held by an FOI public authority.

To implement Directive (EU) 2016/680 (the Law Enforcement Directive) on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data. Unlike the GDPR, the Law Enforcement Directive is not directly applicable EU law; accordingly Part 3 of the Bill, amongst other things, transposes the provisions of the Directive into UK law.

To make provision for the processing of personal data by the Intelligence Services

To make provisions about the role of the Information Commissioner

To make provisions for the enforcement of data protection legislation

The second reading of the Bill will be on 10th October. Its passage through Parliament can be tracked here.

Want to know more? Attend our Data Protection Bill workshop.

Let Act Now help with your GDPR preparations. Our full day workshops and GDPR Practitioner Certificate courses are filling up fast.

We also offer a GDPR health check service.

This entry was posted in Brexit, Data Protection, DP Bill, EU DP Regulation, GDPR and tagged , , . Bookmark the permalink.

3 Responses to The Data Protection Bill: It’s not what you think it is!

  1. Pingback: The Data Protection Bill: A Summary | Blog Now

  2. Pingback: The GDPR, Data Protection Bill and Complaints | Blog Now

  3. Pingback: GDPR: Notification and the future of ICO Charges | Blog Now

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s